Pans Github Scout

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a user-run GitHub lead search/export tool with no hidden installation, persistence, or destructive behavior.

Before installing, treat exported lead files as potentially sensitive business/contact data. Use enrichment and CSV export only for appropriate lawful purposes, store exports carefully, and avoid giving the tool a broad GitHub token.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill advertises executable behavior that implies network access, environment access, and file writing, but it does not declare any permissions or constraints. This creates a trust gap: operators cannot accurately assess what the skill may access or modify, and hidden capability expansion is a common path to unintended data exposure or unauthorized outbound requests.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 82% confidence
Finding: The skill description promises narrowly scoped lead discovery for AI companies with specific filters, but the described behavior is broader and some claimed filters are not implemented. Description-behavior mismatch is dangerous because users may authorize or trust the skill under false assumptions, leading to over-collection, misuse outside intended scope, or unreliable business decisions from incomplete filtering.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The script writes collected lead data, including organization email and location fields, directly to CSV on disk without any consent prompt, field minimization, or sensitivity warning. In a lead-generation context, this increases the risk of unintended retention, redistribution, or mishandling of contact information, especially if exports are stored insecurely or shared broadly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal